Cloud Storage Data Encryption Method, Apparatus and System
Abstract
This present application relates to the field of cloud storage security technology, and in particular, relates to a cloud storage data encryption method, apparatus and system. The method comprises: according to the amount of data X expected to be stored within the preset time, the proportion of local storage space R and the security level of data Z, calculating the size H of a random seed that should be generated; according to the amount Y of plaintext data every time, calculating the times u of random seed acquired; according to the times u, acquiring data from the generated random seed with the size of H for several times to generate a plaintext encryption bit identifier data string; by use of the data string, selecting more than one half of the plaintext data for encryption to form a ciphertext. This application also provides a cloud storage data encryption apparatus and system. This invention has reduced the amount of encrypted data to be stored without sacrifice in the degree of data security protection, thus greatly improves the cloud storage data encryption and decryption performance.
Claims
exact text as granted — not AI-modified1 . A cloud storage data encryption method comprising:
according to the amount of data X expected to be stored into a cloud storage data center within a determined period of time, the proportion of local storage space to occupy R and the level of data security Z, calculating the size H of a random seed that should be generated; according to the amount Y of plaintext data to be encrypted every time, calculating the data acquisition times u from the random seed; generating and storing the random seed with the size of H according a preset method; acquiring data for several times from the random seed, and cascading the data acquired each time into a random string of no shorter than the length of a plaintext; according to the random string, generating a plaintext encryption bit identifier random string; according to the plaintext encryption bit identifier random string, selecting more than one half of plaintext data for encryption; and according to their positions in the plaintext, arranging the encrypted data and unencrypted data to form a ciphertext.
2 . The method of claim 1 wherein
H
=
X
R
-
8
X
Z
=
X
(
1
R
-
8
Z
)
,
where Z=Y/u, and Z>8R.
3 . The method of claim 1 wherein the starting position where data is randomly acquired from the random seed every time and the data acquisition length are random.
4 . The method of claim 1 wherein the steps of cascading and generating the data acquired every time into a random string of 0, 1 values of no less than the length of the plaintext comprise:
when the length of the random string is greater than the length of the plaintext, data is acquired from the random string for several times to generate a new random string of no less than the length of the plaintext.
5 . The method of claim 1 wherein the step of generating a plaintext encryption bit identifier data string by use of the random string comprises:
when the length of the random string is equal to the length of the plaintext, determining whether the number of 1 in the random string is greater than one half of the data bits of the plaintext; if so, selecting the random string as the plaintext encryption bit identifier random string; if not, conducting logical negation operation on the random string, and using the random string after logical negation operation as the plaintext encryption bit identifier random string;
when the length of the random string is greater than the length of the plaintext, acquiring data from the random starting position of the random string to form a new random string of the same length as the plaintext; determining whether the number of 1 in the new random string is greater than one half of the data bits of the plaintext; if so, selecting the new random string as the plaintext encryption bit identifier random string; if not, conducting logical negation operation on the new random string, and using the new random string after logical negation operation as the plaintext encryption bit identifier random string.
6 . The method of claim 1 wherein the step of generating a plaintext encryption bit identifier data string by use of the random string comprises:
generating a message digest value of the plaintext encryption bit identifier random string by the message digest operation; and
determining whether the message digest value is the same as the message digest value of the previously stored plaintext encryption bit identifier random string; if so, re-generating the plaintext encryption bit identifier random string; otherwise outputting and storing the plaintext encryption bit identifier random string, and meanwhile storing its message digest value.
7 . The method of claim 1 wherein the step of selecting more than one half of the plaintext encryption bit identifier random string for encryption by use of the plaintext encryption bit identifier data string to form a ciphertext comprises:
starting from the first bit of data, arranging the plaintext encryption bit identifier random string and plaintext data correspondingly bit by bit in parallel; and
selecting the position of plaintext data corresponding to 1 in the plaintext encryption bit identifier random string as the encrypted data.
8 . A cloud storage data encryption apparatus comprising:
a random seed size and acquisition times calculation module for calculating the size H of a random seed that should be generated according to the amount of data X expected to be stored into the cloud storage data center within a determined period of time, the proportion of local storage space R and the level of data security Z, and calculating the data acquisition times u according to the amount Y of plaintext data to be encrypted every time; a true random number generation module for generating random numbers, and for generating the random seed with the corresponding size according to the size of the random seed and the size H of the random seed calculated by the random seed size and acquisition times calculation module; an encryption bit identifier random string generation module for acquiring data for several times from random seed generated by the true random number generation module, cascading the data acquired each time into a random string no shorter than the length of a plaintext, and according to the random string, generating a plaintext encryption bit identifier random string; a plaintext selective data encryption module for randomly selecting more than one half of the plaintext data for encryption according to the plaintext encryption bit identifier random string generated by the encryption bit identifier random string generation module; and a ciphertext formation module for arranging the data encrypted by the plaintext selective data encryption module and the unencrypted data according to their positions in the plaintext to form a ciphertext.
9 . The apparatus of claim 8 wherein the apparatus also comprises:
an encryption bit identifier random string message digest value storage module for storing the message digest value of encryption bit identifier random string;
an encryption bit identifier random string message digest value generation module for generating by the message digest value operation a message digest value of the plaintext encryption bit identifier random string generated by the encryption bit identifier random string generation module, and returning the message digest value to the encryption bit identifier random string message digest value storage module; and
an encryption bit identifier random string verification module for comparing message digest value of the plaintext encryption bit identifier random string generated by the encryption bit identifier random string generation module and the message digest value in the encryption bit identifier random string message digest value storage module, and outputting the comparison result to the encryption bit identifier random string generation module.
10 . A cloud storage data encryption system comprising a cloud storage data encryption apparatus and a cloud storage data center; wherein the cloud storage data encryption apparatus comprises:
a random seed size and acquisition times calculation module, used for calculating the size H of a random seed that should be generated according to the amount of data X expected to be stored into the cloud storage data center within a certain period of time, the proportion of local storage space R and the level of data security Z, and calculating the data acquisition times u according to the amount Y of plaintext data to be encrypted every time; a true random number generation module, used for generating random numbers, and for generating the random seed with the corresponding size according to the size of the random seed and the size H of the random seed calculated by the random seed size and acquisition times calculation module; an encryption bit identifier random string generation module for acquiring data for several times from random seed generated by the true random number generation module, cascading the data acquired each time into a random string no shorter than the length of a plaintext, and according to the random string, generating a plaintext encryption bit identifier random string; a plaintext selective data encryption module for randomly selecting more than one half of the plaintext data for encryption according to the plaintext encryption bit identifier random string generated by the encryption bit identifier random string generation module; and a ciphertext formation module for arranging the data encrypted by the plaintext selective data encryption module and the unencrypted data according to their positions in the plaintext to form a ciphertext.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.